What is Multi-factor Authentication?

The security solution for Password Spraying

In the wake of the recent increase in password spraying attacks, that even cybersecurity experts like Citrix have recently fallen prey to, taking preventive measures and following security best practices is paramount for the secure deployment of LKMethod’s solutions in your organization’s environment. The trade-off between seamless user experience, great performance and security is an age-old one. Solutions like a separate set of credentials for various applications may be good for enhanced security but will be an unwelcome, additional layer compromising productivity. The pressure on organizations to balance it all is immense.  In this blog, we’ll be touching upon a few sure-shot methods for tackling the evolving cybersecurity threats, especially password spraying attacks.

What is a Password Spraying Attack?

For starters, it is a form of a brute force attack in which the attacker tries to access a huge number of user accounts with a few, frequently used passwords or a compromised directory. Unlike a traditional brute force attack where multiple log-in attempts on a single account often lock out the attacked account, password spraying often goes undetected.

Who are the common targets?

Commonly, these attacks are carried out on organizations using single-sign-on solutions or federated authentication services. Breaking into such accounts kills multiple birds with one stone and yields deeper access into an organization’s environment without setting off any security alarms. Secondly, file shares are also a great target for attackers to access sensitive data. Another target is organizations’ email applications; whereby, attackers can access the organization’s emails along with its entire email address list. From there on, the possibilities are endless for the attacker.

What is Multi-factor Authentication?

Multifactor authentication or MFA combines multiple (two or more) authentication methods utilizing different types of independent credentials to verify a user’s identity for access or other privileges. Credentials, in MFA, can be a combination of:

• Passwords/ Passphrases (a string of characters)
• Security tokens (a hardware device like smartcards)
• Biometric verification (iris patterns, fingerprints, etc.)

The whole idea is to ensure multi-layered protection so that even if one of the layers is breached, the other remains intact. Correct implementation of multi-factor authentication can keep attackers from gaining access to an organization’s environment.

MFA for Password Spraying

Regardless of the latest anti-virus systems and firewalls, a network is only as secure as its user’s passwords. A single compromised password can let adversaries into your otherwise secure network and carry out malicious activities without a hint. Therefore, a single password is barely enough for secure authentication, especially for remote users. Multi-Factor authentication for all remote entry points is the obvious security solution. Even if attackers manage to steal a set of credentials, they still need to possess a physical security token or an identifier particular to the actual user. For organizations leveraging Citrix technologies, enabling MFA is not complicated at all. There are several options they can choose from. Citrix allows an external hardware or software authentication token for second-factor authentication. Users can also leverage the Time-based One-Time Password (TOTP) functionality. For those who do not have a third party second-factor authentication in place, they can implement MFA with certain software authentication apps and QR codes. Citrix allows a customizable log-in system with as many layers of authentication as an organization deems fit. Additionally, users can also use SAML for third-party identity services as well as federated authentication protocols for external single sign-on solutions.

Educated Users are Secure Users

As mentioned earlier, a company’s environment is only as secure as its weakest user password. Usually, users choose passwords that are common and predictable like, password 123, spring2019, etc. The pattern in which they change their passwords is also predictable; for example, they may always change the last digit only. It’s important to educate users about the best policies regarding password setting. The passwords that appear complicated to the human eye are often easy to crack through advanced computer programs.

What Security Teams should Look for:

Although spraying attacks rarely trigger any warning, there are certain giveaways that organizations should be looking out for:

• A sudden increase in the number of login attempts to the organization’s web application or SSO portal; especially if failed logins are attempted against a large number of user accounts from a single IP address.
• Login attempts from a location other than the one that’s usual for an employee.

Regardless of whether an organization has faced such an attack or not, it could be a good practice to:

1. Have a list of passwords that are either too vulnerable or are known to the attackers and discourage employees to use those.
2. Periodically analyze users’ passwords to detect password changes that follow a predictable pattern.
3. Use contextual information and analytics to determine login behavior patterns and enable MFA when the trusted patterns are violated.

The Final Word

The cybersecurity world is constantly evolving. With new threats sprouting up every day, it’s imperative that organizations stay ahead of their security game. The easiest, most effective method of tackling password spraying is a combination of informing users about the password setting’s best policies and having a multi-factor authentication system in place. This alone will go a long way in securing your single sign-on portal and internal network.